SEC 2022 Examination Priorities

Most notably, from a CYBERSECURITY PERSPECTIVE, the SEC is focused on Information Security and Operational Resilience as it relates to broker-dealers’, RIAs’, and other registrants’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets.
For Information Security and Operational Resiliency, the Division will review broker-dealers’, RIAs’, and other registrants’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets.
Examinations will continue to review whether firms have taken appropriate measures to:
- Safeguard customer accounts and prevent account intrusions
- Oversee vendors and service providers
- Address malicious email activities, such as phishing or account intrusions
- Respond to incidents, including those related to ransomware attacks, identify and detect red flags related to identity theft, and manage operational risk as a result of a dispersed workforce
In addition, the Division will again be reviewing registrants’ business continuity and disaster recovery plans, with a particular focus on the impact of climate risk and substantial disruptions to normal business operations.

The priorities are based on a risk-based approach that includes an analysis of a given entity’s history, operations, services, products offered, and other risk factors to ensure there are guard rails in place to prevent past mistakes.
The list is compiled by staff who are uniquely positioned to examine practices, products, services, and other factors that may pose risks to investors or the financial markets.

Contact Us